H3C Technologies H3C WX3000 Series Unified Switches User Manual

Figure 47-25 Network diagram of SSH client configuration

Switch A (SSH client), VLAN-interface 1: 10.165.87.137/24
Switch B (SSH server), VLAN-interface 1: 10.165.87.136/24

Configuration procedure

Configure Switch B

# Create a VLAN interface on the device and assign it an IP address, which the SSH client uses as the
destination address.

<device> system-view

[device] interface vlan-interface 1

[device-Vlan-interface1] ip address 10.165.87.136 255.255.255.0

[device-Vlan-interface1] quit

# Generate RSA and DSA key pairs.

[device] public-key local create rsa

[device] public-key local create dsa

# Set AAA authentication on user interfaces.

[device] user-interface vty 0 4

[device-ui-vty0-4] authentication-mode scheme

# Configure the user interfaces to support SSH.

[device-ui-vty0-4] protocol inbound ssh

# Set the user command privilege level to 3.

[device-ui-vty0-4] user privilege level 3

[device-ui-vty0-4] quit

# Specify the authentication type for user client001 as publickey.

[device] ssh user client001 authentication-type publickey

Before performing the following steps, you must first generate a DSA key pair on the client, save the key
pair in a file named Switch001, and then upload the file to the SSH server through FTP or TFTP. For
details, refer to “Configure Switch A” below.

# Import the client’s public key file Switch001 and name the public key as Switch001.

[device] public-key peer Switch001 import sshkey Switch001

# Assign public key Switch001 to user client001.

[device] ssh user client001 assign rsa-key Switch001

# Export the generated DSA host public key to a file named Switch002.

[device] public-key local export dsa ssh2 Switch002
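
The Switch B steps above depend on each other: the VTY lines need both scheme authentication and SSH as the inbound protocol, and a publickey user needs an imported key assigned to it. The following added example (not part of the manual and not H3C code) checks a captured command session for those dependencies. The audit function, the vty 5 15 lines and the user client002 are hypothetical, and the prompt name "device" is assumed to match the manual's.

```python
import re

# Constructed transcript in the page's prompt format. The vty 5 15 and client002
# lines are weak variants added for contrast; they are not from the manual.
SESSION = """\
[device] user-interface vty 0 4
[device-ui-vty0-4] authentication-mode scheme
[device-ui-vty0-4] protocol inbound ssh
[device-ui-vty0-4] quit
[device] user-interface vty 5 15
[device-ui-vty5-15] authentication-mode password
[device-ui-vty5-15] quit
[device] ssh user client001 authentication-type publickey
[device] public-key peer Switch001 import sshkey Switch001
[device] ssh user client001 assign rsa-key Switch001
[device] ssh user client002 authentication-type publickey
"""

PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s+(.*)$")  # "[view] cmd" or "<view> cmd"

def audit(session):
    """Return sorted findings for the SSH server commands seen in a session."""
    vty, users, assigned, imported = {}, {}, {}, set()
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # blank lines and "# ..." step descriptions
        view, cmd = m.group(1), m.group(2).split()
        if view.startswith("device-ui-vty"):          # command typed inside a VTY view
            vty.setdefault(view, set()).add(" ".join(cmd))
        elif cmd[:2] == ["user-interface", "vty"]:    # VTY view entered
            vty.setdefault("device-ui-vty" + "-".join(cmd[2:]), set())
        elif cmd[:2] == ["ssh", "user"] and "authentication-type" in cmd:
            users[cmd[2]] = cmd[-1]
        elif cmd[:2] == ["ssh", "user"] and "assign" in cmd:
            assigned[cmd[2]] = cmd[-1]
        elif cmd[:2] == ["public-key", "peer"] and "import" in cmd:
            imported.add(cmd[2])
    findings = []
    for view, cmds in vty.items():
        for need in ("authentication-mode scheme", "protocol inbound ssh"):
            if need not in cmds:
                findings.append(f"{view}: '{need}' not set")
    for user, auth in users.items():
        if auth == "publickey" and user not in assigned:
            findings.append(f"{user}: publickey authentication but no key assigned")
        elif auth == "publickey" and assigned[user] not in imported:
            findings.append(f"{user}: assigned key {assigned[user]} was never imported")
    return sorted(findings)
```

Calling audit(SESSION) reports the three problems in the constructed variants; a session containing only the manual's commands returns an empty list.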
